Secure Product Design Services
Security products require secure design from the top down. This holds for all security products, and especially for those whose use of cryptography introduces proprietary mechanisms (not necessarily proprietary algorithms), since such mechanisms have not had the benefit of public scrutiny.
We provide assistance in the secure design of methods, protocols, and products (software and hardware). Our involvement is offered at all stages of product design: from risk assessment and threat modeling at the top level, through security requirements definition and design reviews, all the way down to code review. In practice, we provide consulting, analysis and documentation in the following areas and stages of development:
- Threat and Risk Assessment (What are the assets? Who are the enemies? What damage can the enemies reasonably cause?)
- Security Model/Policy and Protection Model definition, a.k.a. Security Target (What approach do we use to protect the assets? What must be assured for the system to be secure?)
- Evaluation of known security measures against the needs of the system (What adequate mechanisms are already out there that have passed the test of time? How do we deploy them effectively?)
- Design of proprietary or case-specific security measures (The mechanisms and variants we develop when no textbook solution exists.)
- System security design assurance, at various specification levels.
- Implementation security review and code review.